CSE IT aims to make customized computing systems available to research groups while maintaining a safe, secure, and functional environment that is compliant with the University's IT policy and system administration best practices.
For situations where it is beneficial for a research group to configure and manage its own computing systems, CSE has adopted a model to allow "Researcher Managed" machines to operate on designated networks where trusted users have administrative access to resources owned by their research group.
Researchers should thoroughly read this documentation and understand the specified guidelines and best practices for managing their own computing systems.
Researcher Managed systems are administered by a researcher and their team, allowing them to make changes to the operating system, install the latest versions of software packages, and manage user accounts. This level of control provides researchers with a platform that can be customized to their specific research goals while balancing more efficient access to configuration settings with an acceptable level of stability. Researcher Managed systems can more easily be used for the development and deployment of cutting-edge software implementations.
Management and administration of computing systems is not a task to be undertaken lightly. Very real and dangerous consequences can arise if misconfigured systems become compromised and failure to adhere to system administration best practices could have a detrimental effect on the performance and stability of other systems on the network. For these reasons, Researcher Managed systems are placed on protected networks that limit the opportunity for abuse of other computing resources, and the responsibilities of the research team and CSE IT staff are well-defined.
The researcher and their team agree to take responsibility for configuring and maintaining the system and ensuring that it remains in compliance with all CSE and UB IT policies. This includes, but is not limited to, the following tasks:
Researchers are solely accountable for addressing problems on the systems they manage. This includes, but is not limited to, the following:
Researchers agree to adhere to all IT policies and guidelines provided by the Department of Computer Science and Engineering and the University at Buffalo. Failure to adhere to these policies will result in the removal of the Researcher-Managed system from the network.
An overview of UBIT's policies can be accessed here:
The CSE IT staff agree to provide the Researcher Managed system with a connection to a protected network in compliance with UB's IT policies. Outgoing network access is generally unrestricted. Incoming access is limited to on-campus network connections or connections made via the UBVPN.
The logistics of supporting customized operating systems and software configurations limit the amount of help that CSE IT staff can provide for Researcher Managed systems. CSE IT staff will support Researcher Managed systems on a "best effort" basis. Researchers are welcome to ask CSE IT staff questions about their systems, but staff may not be able to help with every problem.
The CSE IT staff retains the right to disconnect Researcher Managed systems from the network, with no notice to the managing researcher, if it is deemed that the system is causing network instability, acting suspiciously, or has been compromised.
The following configurations are required for all Researcher Managed systems. Failure to maintain these configurations will result in the removal of the Researcher Managed system from the network.
The following guidelines should be used as a starting point for meeting the IT policies of the Department and University.